Lucene search
K

40 matches found

Cvelist
Cvelist
added 2026/05/22 4:29 a.m.43 views

CVE-2026-4070 Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS0.00164EPSS
Exploits0References5
CVE
CVE
added 2026/05/03 3:0 a.m.33 views

CVE-2026-7676

CVE-2026-7676 affects kerwincui FastBee up to version 1.2.1. The vulnerability resides in ToolController.download (springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java) where manipulation of the fileName argument enables path traversal. The issue is exploitabl...

5.3CVSS5.4AI score0.00365EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-22512

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through = 1.2.1...

8.1CVSS0.00504EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 7:53 p.m.7 views

WordPress Alfie - Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter vulnerability

WordPress Alfie - Feed Plugin plugin = 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/20 4:22 p.m.5 views

CVE-2025-68042

Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.2...

6.5CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.11 views

CVE-2025-68042

CVE-2025-68042 is a Missing Authorization vulnerability in the WordPress Travelpayouts plugin, affecting versions up to and including 1.2.2 (per NVD/Red Hat/CVE lists). The issue is described as broken access control allowing exploitation due to incorrectly configured access control security leve...

6.5CVSS5.9AI score0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:26 a.m.2 views

CVE-2026-25003

Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through = 1.2.1...

5.5AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.4 views

CVE-2025-68867 WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through = 1.2.1...

6AI score0.00168EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 11:25 a.m.7 views

WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Effect Maker versions = 1.2.1...

6.5CVSS6.1AI score0.00168EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/11/25 7:27 a.m.9 views

WordPress Job Board by BestWebSoft plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via $GET Array Storage vulnerability discovered by Jamshed Yergashvoyev CVE Guy - Turan Security in WordPress Plugin Job Board by BestWebSoft versions = 1.2.1...

6.1CVSS6AI score0.00224EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.5 views

PT-2025-45326

Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through = 1.2.1...

6.5CVSS7AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 7:16 p.m.20 views

CVE-2025-12305

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...

9.8CVSS0.00461EPSS
Exploits1References5
CVE
CVE
added 2025/10/27 6:32 p.m.14 views

CVE-2025-12305

The CVE-2025-12305 issue affects quequnlong shiyi-blog up to version 1.2.1, specifically the Job Handler component and the SysJobController.java file. The vulnerability is a deserialization flaw that can be triggered remotely, with an exploit publicly available. Affected software: quequnlong shiy...

9.8CVSS6.4AI score0.00461EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/22 3:31 p.m.6 views

EUVD-2025-35412

Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through = 1.2.1...

9.8CVSS6.5AI score0.00541EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/22 3:31 p.m.4 views

EUVD-2025-35467

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AA-Team Woocommerce Envato Affiliates wooenvato allows Reflected XSS.This issue affects Woocommerce Envato Affiliates: from n/a through = 1.2.1...

5.9AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 3:15 p.m.13 views

CVE-2025-53422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS.This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through = 1.2.1...

7.1CVSS0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30655

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.0026EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/22 7:1 p.m.4 views

WordPress Clariti Plugin <= 1.2.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Clariti versions = 1.2.1...

5.4CVSS6.7AI score0.0026EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/09/08 5:22 a.m.5 views

WordPress Edema Theme <= 1.2.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Edema versions = 1.2.1...

8.1CVSS7AI score0.00519EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 6:55 a.m.7 views

CVE-2024-56235

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vicky Kumar Coupon coupon-lite allows DOM-Based XSS.This issue affects Coupon: from n/a through = 1.2.2...

6.5CVSS7.2AI score0.00226EPSS
Exploits0References1
Rows per page
Query Builder